A cybercrime team has developed a new set of phishing tools that adapt to the victim, changing the logo and text of a disguised page that secretly engages in all sorts of “malice” in real time. A toolkit called LogoKit is already in full use by criminals, says security firm RiskIQ, which tracked the software’s career.
According to RisIQ, it has been in more than 300 domains last week and one in the past month. LogiKit has been installed in more than 700 locations. The tool tricks the victim into the site with phishing links and then imports your company logo from an external service. It uploads the victim’s email address in the email or username field, giving the target the appearance that they have logged in to the site at some point in the past. If you then enter your password unsuspectingly, LogoKit performs an AJAX search and sends the target email or password to an external address, then redirects the user to the actual corporate website.